An outdated PHP on the server, is that really unsafe?

Just for your information: At the time of writing, the PHP 7.3 engine is the latest PHP version. In this article, we are not discussing the code itself but specifically referring to the engine that executes PHP.

Various security services, online scanners, and even WordPress itself immediately respond to the release of the latest PHP version by labeling the PHP 7.2 engine and previous PHP releases as insecure. But is that really the case?

With red letters and icons, various services draw your attention to the fact that you are using an outdated and potentially insecure version of PHP.


WordPress also does its part by discontinuing support for PHP 5.6 and displaying warnings in your dashboard.

The Site Health tool in WordPress raises a critical notice about outdated PHP, not only for major version differences but also for minor (intermediate) updates.


How seriously should we take outdated PHP? What is outdated about PHP?

Support, development, and security patching for PHP 5.6 and 7.0 ended in late 2018.

The lack of support and security patching for older PHP versions is therefore a serious issue when it comes to the security of your website and even the web server itself.

Once hackers discover a vulnerability, they can exploit it repeatedly!

Hackers, especially automated scripts, infect, modify, or compromise website after website with viruses. It’s only a matter of time until they come across your site on Google, test it, and infect it if your website is running on the outdated PHP engine.

Okay, so outdated PHP versions are insecure?

Are there already known issues, hacks, or vulnerabilities for older PHP versions?

During our research, it seemed that there are very few known vulnerabilities.

We are aware that vulnerabilities are exploited by hackers and are often only shared among them, so many vulnerabilities may not be publicly known.

However, we found a website that registers weaknesses, vulnerabilities, and issues of PHP versions.
And there are not just 2 or 20…

This website displays a LARGE NUMBER of weaknesses, issues, and vulnerabilities – at the time of writing, there are 600+ registered, and this number will only continue to grow due to the lack of support for old PHP versions!

Updating to the latest PHP version is not a luxury, but an important key to keeping your website and server secure.

Additional Information


The role of your web host in updating to the latest PHP release

Your web host is responsible for the current PHP version, but not every host is quick to update the server to the newer PHP versions. In some cases, you may need to ask for it.
Note: if you have an unmanaged server, you or your server administrator are responsible for updating the PHP engine.

Your role in updating to the latest PHP release

If your website contains outdated plugins or themes, there is a risk that the website will no longer function after the PHP update.
How often does that happen? Our experience is that 1-3 out of 100 sites do not work after a PHP update (by the way, neither we nor our clients experience these issues because they keep their websites quite up-to-date).

What to do if your WordPress website no longer works after the PHP update

The solution to get your website working again is simple if you are accustomed to using FTP software. You need to manually update your WordPress and plugins. New updates are often compatible with newer PHP versions.

Why manually through FTP software?
Because your website is not working, you cannot do it through the admin panel 😉

What you need to do is manually replace WordPress or your plugins via FTP/directly on the server. (Make a backup first)
PS: Rename the old plugin by adding a “-” before the name and then upload the new plugin. In the case of the WordPress core, put it in a different folder and upload the latest WordPress release.

Guarantee, convenience and security for WordPress websites

Deception is part of the hacker’s game

The tricks of hackers go beyond the knowledge, perseverance, and experience of programmers. It’s not due to a lack of expertise but simply because there are thousands of tricks to infiltrate and maintain malware in a WordPress website.

The ongoing battle of a major IT company

This reminds me of the struggle faced by Microsoft, where billions of dollars were invested in protecting Windows against hackers, trojans, and viruses.

And has it been successful? Is Windows impenetrable, 100% secure?

No, criminals come up with new tricks every week, even fooling companies like Norton Antivirus, Kaspersky, and other companies dedicated to intercepting malware, viruses, and the latest tactics used by online criminals.

Now you can understand the importance of having guaranteed security for your WordPress website, as anything can happen!

Whether it’s a small website, a large corporate website, or an online store, NO ONE wants to deal with the detrimental effects of hacks or the costs associated with removing them from the website.

WPbeveiligen = Standard Guarantee & NO additional costs

With our subscriptions, we provide standard guarantee: if a hacker manages to infiltrate your website despite all the security measures we have implemented, we will undo the hacker’s malware/hacks, locate any backdoors, and intensively monitor the site.
We will catch the hacker in their virtual tracks!

This guarantee is provided without any additional costs!

How the WooCommerce plug-in turns WordPress into an online store

WooCommerce is the plugin that turns WordPress into an online store.
It’s interesting to note that WooCommerce is developed by the same creators as WordPress, namely Automattic.

While WooCommerce itself can be downloaded for free, many related plugins come with a price tag.

Now that you know who develops WooCommerce, let’s delve into the details.

Did you know that WooCommerce is essentially an extension built on a Custom Post Type?

The Custom Post Type is just one of the many built-in features of WordPress. This demonstrates the versatility of WordPress’s built-in functionalities.

But what exactly happens when you activate the WooCommerce plugin?

Grab a cup of coffee or tea, we’re going into the depths!

The Size of WooCommerce

From a data perspective, WooCommerce is not just an “additional file.”
A fresh download of WooCommerce amounts to a whopping 22+ MB and consists of 1807 files.
WordPress itself consists of 1907 files, which means that WooCommerce almost doubles the number of files.

Note: Not all of these files are used or loaded on the website. Many files are options that are used 1-2 times or are only loaded in the front-end or back-end.

WooCommerce & the Database

By default, WordPress has 12 tables, and WooCommerce adds 18 additional tables.
In the screenshot below, you can see the green tables that are part of WordPress by default and the blue tables that are added when you activate WooCommerce.

The “Recommended” Plugins

The number of files has doubled, and there are 18 additional tables. And just when you thought that was it, there are also the “recommended plugins” that are suggested in step 4 of the installation process.

Note: Do not install and activate everything without consideration. Think of it like a car where they offer racing seats, spoilers, extra brake lights, and winter tires… you don’t need everything!

The following are recommended:

  • The Storefront theme
    It’s a decent theme, free, and reasonably customizable.
  • A VAT plugin
    Is this the best one? Judge for yourself.
  • The WooCommerce admin
    A faster admin interface, useful for managing a lot of information, but some users have experienced issues with this plugin.
  • Mailchimp
    If you plan to send newsletters and collect email addresses, Mailchimp might be for you. Personally, I prefer Laposta.
  • A Facebook plugin
    Only activate it if you have a specific use for it, as it creates APIs or connections that can slow down your website.
  • In step 5, Jetpack is offered…
    Useful if you have experience with WordPress.com, as it brings some features of WordPress.com to your self-hosted WordPress installation.

If you install everything, you end up with 7 plugins, which means 7 plugins to keep updated. This increases the risk of vulnerabilities. Your WordPress site becomes less secure and slower. Be cautious with the use of plugins, as having too many plugins can lead to various issues!


WooCommerce in the Back-end

In the admin area, you will see two new menu items: “WooCommerce” and “Products.”

  • WooCommerce is a collection of settings, reports, order overviews, and more.
  • Products, technically speaking, refers to the aforementioned “Custom Post Type,” where you can create products and categories to populate your online store.


If you have installed the WooCommerce Admin plugin, you will also see an “Analytics” menu item.
PS: If you encounter errors or non-functioning features, try deactivating this WooCommerce “admin” plugin. It sometimes conflicts with certain themes or plugins.

WooCommerce also adds a series of fields to the user profile, which can be seen under “Users” when clicking on a profile. These fields include billing and shipping addresses.

WooCommerce on the Front-end

Initially, you won’t see much of the online store.
That is until you add the following pages to your menu:

  • Shop: This is where your products will appear.
  • Cart: This is where customers can view the products they have selected to purchase.
  • My Account: Customers can update their account details, including the aforementioned billing and shipping addresses.
  • Checkout: This is where customers can pay for their selected products. By default, PayPal and Stripe are included as payment options. Many users add Mollie to their setup. Mollie is a Dutch payment service that enables iDeal payments. They offer a dedicated Mollie plugin for WordPress.

Summary

The technical adjustments mentioned above transform your WordPress website into an online store.
WooCommerce utilizes the existing users, admin area, and familiar structure for products and categories.

The transition from a WordPress website to a WooCommerce store is not as daunting as it may seem.

However, keep in mind that running an online store entails legal obligations and responsibilities. You’ll need to handle taxation on earnings, manage inventory, deal with customer support, address complaints, and handle other aspects typical of an online store.

Securing Your Online Store

Do not underestimate the importance of securing your online store, as it deals with customer and payment information.

The following measures are not luxuries but necessities when it comes to handling payments:

  • E-commerce SSL certificate: Secure the connection between your website and customers’ browsers with an SSL certificate. This ensures that sensitive information is encrypted during transmission.
  • Secure hosting: Choose a reputable web hosting provider that prioritizes security and offers features such as regular backups, server-side security measures, and strong firewall protection.
  • Secure payment gateways: Only integrate trusted and secure payment gateways into your online store, such as PayPal, Stripe, or Mollie.
  • Regular updates: Keep your WordPress core, WooCommerce, and all installed plugins and themes up to date to patch any security vulnerabilities.
  • Strong passwords: Encourage your customers to create strong passwords for their accounts, and ensure that you and your team also use secure passwords for admin access.
  • Monitoring and malware scanning: Implement a security plugin or service that can monitor your website for suspicious activity and perform regular malware scans.
  • User access control: Restrict access to your website’s admin area to authorized users only. Use strong passwords and consider implementing two-factor authentication for added security.
  • Data protection and privacy compliance: Familiarize yourself with data protection regulations in your jurisdiction and ensure that you handle customer data in compliance with applicable laws.

By implementing these security measures, you can help safeguard your online store and protect the sensitive information of your customers.

Remember, maintaining a secure online store is an ongoing process. Stay vigilant, keep up with security best practices, and regularly review and update your security measures to stay one step ahead of potential threats.

Frequently Asked Questions about the WordPress Database

  1. Does the WordPress database have a limit?
    No, there is no limit. You can store as many posts and pages as you want, just like any other database.
  2. Where are my posts stored in the database?
    All posts and pages are stored in the `_posts` table.
  3. What is a prefix?
    A prefix is the short string placed in front of every table name. It is often set to `wp_`, but for security reasons it is recommended to change it to a unique prefix.
  4. Are user accounts in the WordPress database secure?
    User passwords are stored as MD5-based hashes rather than in readable form, but note that other data is stored unencrypted in the database.
  5. Where can I find my database?
    Your web host stores the database in a separate location. To manage the database, you can access the “phpMyAdmin” tool through your hosting panel, cPanel, or DirectAdmin.
  6. What is my database username and password?
    You can find this information in the email you received from your web host when registering and/or purchasing the hosting package. If you no longer have that email, you can also look for a wp-config.php file on your website’s server, which contains the database name, username, and password.
  7. What is localhost?
    In 70% of web hosting packages, you can enter “localhost” as the address for the MySQL database. In some cases, it may be different or not defined, requiring you to use an actual address.
  8. How big is a database?
    Rough estimates for average database sizes are as follows:
    An informative WordPress website: 5-19 MB
    A website with 50 pages/posts: 30-45 MB
    An average WordPress WooCommerce shop: 50-60 MB
    A large WordPress WooCommerce shop: 95-150 MB
    A busy news site with daily articles: Grows by 70-125 MB per year
  9. Why does WordPress suddenly prompt for a new installation on my existing website?
    If WordPress doesn’t find any tables, it defaults to the installation page. This can also happen if the wp_ prefix (mentioned in point 3) is not set correctly, causing WordPress to be unable to locate the database tables.

We hope these questions have been answered. If you have a question that is not listed here, please let us know in the comments section at the bottom of this page. We will do our best to answer the questions posted in the comments, and who knows, we might even include the solution directly in our article!

Is the most downloaded WordPress.org security plugin the best?

This message provides information about the most downloaded/active security plugins available in the WordPress plugins section on WordPress.org.

What is the most downloaded/active security plugin at the moment?

  1. WordFence has 3,000,000 active users.
  2. iThemes Security has 1,000,000+ active users.
  3. All In One WP Security & Firewall has 800,000+ active users.
  4. Sucuri has 700,000+ active users.
  5. Cerber Security has 100,000+ active installations.

WordFence

It is surprising that WordFence has three times more users compared to iThemes Security. This could be due to the extensive configuration options of iThemes Security, which may seem a bit complicated for first-time users, or it could be attributed to the marketing efforts of WordFence.

It’s also possible that iThemes Security transitions to a different plugin for its premium version, making the free version inactive. When you upgrade to the pro version, you get a different plugin with the same functionality but with additional features.

WordFence offers a license that provides more features within the plugin itself, which contributes to their higher user numbers.

Is WordFence better than iThemes?

This is a subjective matter of preference and experience. We have been using iThemes for years, and it works well. They collaborate with Sucuri for scanning, and iThemes Security has all the necessary features. We are familiar with these features because we extensively analyzed the 2015 release of iThemes Security to understand its functionality and workings in detail.

iThemes is simply good, and as the saying goes, if something is good, you shouldn’t change it. It could only get worse.

Other security plugins

There is “All In One WP Security,” which is excessively all-encompassing in my opinion. There is also “Cerber,” which, as mentioned earlier, has a relatively low number of active installations. Cerber is an excellent plugin with impressive features that WordFence and iThemes can learn from. It’s surprising and unfortunate that it has fewer users. However, from a marketing perspective, “CERBER” doesn’t sound appealing, does it? It’s not easy to remember.

Is the most downloaded/active security plugin the best?

Well, WordFence and iThemes are currently the best. They have a good cash flow, allowing them to maintain a strong team. Whether they perform better than Cerber or All-In-One Security is still debatable. In the rapidly evolving world of hacking, the best security plugin is the one whose team consistently resolves vulnerabilities first, time and time again, week after week.

A product is only as good as the team behind it, and numbers are only relevant if the team continues with passion. After all, hackers around the world are constantly at work.

In that regard, kudos to all the builders of security plugins!

If you’re looking for a good security plugin, go for WordFence or iThemes Security.

If you want to ensure that your website is secure, keep in mind that a product is only as good as the team behind it, and you are the weakest link.

Configuring the security plugin correctly is crucial, and this can be a daunting task, not only for website owners but even for WordPress developers.

Why?

You need to enable/disable settings such as XML-RPC, the REST API, directory browsing, and logs.

We spent years perfecting these configurations because certain plugins require XML-RPC or the REST API, and blocking all 404 IPs may not be beneficial.

It’s a specialized skill, a fascinating one. But it’s not something you can do on your own.

Feel free to hire us or ask questions

If you have a serious business website, you can hire us to secure your website. Security is a necessity, especially if you have an online store, not a luxury!

We will provide an affordable invoice with VAT that you can give to your accountant or declare for tax purposes.

If you decide to tackle it yourself, do thorough research like you’re doing now by reading this entire article (kudos to you!). You can learn more on our website in the news section or by searching on Google.

You can also ask questions in the comments. Sometimes, we have busy weeks, but we always do our best to respond within a few days.

Your site uses an outdated version of PHP

This message indicates that the PHP version used by the server to process PHP is outdated.

How risky is an outdated PHP version?

If you’re only a month behind, it’s not a problem. Even a few months may not be a big issue. However, if you’re significantly behind on major PHP releases (a year or more), it becomes different. There is a risk of security vulnerabilities.

How can you update PHP to a new version?

Usually, your web host takes care of this for you. If you have a VPS (Virtual Private Server), you may need to update PHP yourself or request assistance from your web host. There may be associated costs involved.
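To make the “how far behind are we?” question concrete, both for this message and for the earlier “How seriously should we take outdated PHP?” discussion, here is a small added example (mine, not the article’s) that classifies a PHP version string against each branch’s end-of-security-support date. The EOL table is an assumption taken from php.net’s supported-versions page as I know it, so verify it before relying on the output; branches missing from the table are reported as unknown rather than safe.

```python
"""Classify a PHP engine version against the PHP branch end-of-life calendar.

Added example, not code from the original article. The end-of-security-support
dates below are an assumption taken from php.net's supported-versions page as
known when this example was written; verify them before relying on the output,
and treat branches missing from the table as "unknown" rather than "safe".
"""
import re
from datetime import date
from typing import Dict, NamedTuple, Optional

# MAJOR.MINOR branch -> last day security fixes are published (assumed, see above).
PHP_EOL: Dict[str, date] = {
    "5.6": date(2018, 12, 31),
    "7.0": date(2018, 12, 3),
    "7.1": date(2019, 12, 1),
    "7.2": date(2020, 11, 30),
    "7.3": date(2021, 12, 6),
    "7.4": date(2022, 11, 28),
    "8.0": date(2023, 11, 26),
    "8.1": date(2025, 12, 31),
    "8.2": date(2026, 12, 31),
    "8.3": date(2027, 12, 31),
    "8.4": date(2028, 12, 31),
}


class PhpStatus(NamedTuple):
    branch: str
    supported: Optional[bool]   # None when the branch is not in the table
    eol: Optional[date]
    days_past_eol: int          # 0 while still supported or unknown
    message: str


def php_branch(version: str) -> str:
    """Reduce a full version string to its MAJOR.MINOR branch.

    Accepts distro-flavoured strings such as '7.2.34-1+ubuntu18.04.1+deb.sury.org+1'
    because the branch, not the patch level, decides the support window.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"not a PHP version string: {version!r}")
    return f"{m.group(1)}.{m.group(2)}"


def classify_php(version: str, today: Optional[date] = None) -> PhpStatus:
    """Report whether the branch still receives security fixes as of `today`."""
    today = today or date.today()
    branch = php_branch(version)
    eol = PHP_EOL.get(branch)
    if eol is None:
        return PhpStatus(branch, None, None, 0,
                         f"PHP {branch}: not in the EOL table, check php.net/supported-versions")
    if today <= eol:
        return PhpStatus(branch, True, eol, 0,
                         f"PHP {branch}: security fixes until {eol.isoformat()}")
    past = (today - eol).days
    return PhpStatus(branch, False, eol, past,
                     f"PHP {branch}: end of life since {eol.isoformat()}, "
                     f"{past} days without security fixes")


if __name__ == "__main__":
    # Constructed sample: the situation the article describes, shortly after PHP 7.3 shipped.
    for v in ("5.6.40", "7.2.13", "7.3.0"):
        print(classify_php(v, today=date(2019, 1, 15)).message)
```

Run on the real server with the output of `php -v` (or `phpversion()` from a WordPress plugin) substituted for the constructed sample.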

You should remove inactive themes

When creating a WordPress website, multiple themes are sometimes experimented with. No problem, of course, but once you have chosen a theme to continue with, it is good practice to remove the remaining inactive themes.

Why should I remove themes that are not active?!

The theme files still exist on the server, and anything left on the server can be abused by a hacker or script to gain access to your website, whether or not the theme is active.

And there are several reasons to remove your inactive themes

  1. Themes you are not using take up space on the server
  2. Themes can serve as hiding places for backdoors created by viruses and hackers
  3. Themes need to be updated. They are recognized by WordPress, leading to update notifications every week/month, even though you are not using them!

I remove everything I don’t need, just like in my house.

Beware of your “child” theme!

Many frameworks have a child theme associated with them. Customizations are made within the child theme, and you wouldn’t want to lose those. Therefore, make sure your website is not using a child theme before removing any themes.

Have a default theme available

I understand your concerns about this diagnostic point, which asks you to keep a default theme available as a “fallback” option in WordPress.

Having a default theme, especially one of the WordPress Twenty series, is something you may prefer not to have on your server. It goes against the logic of another diagnostic point we discussed, “you should remove inactive themes”, where we explain that inactive themes can be potential entry points for hackers and scripts.

Yes, a fallback theme ensures that your website is still accessible in case of an error.

However, you may not want visitors to see your website in a default theme, nor accept the risks of an outdated default theme sitting on the server. In such cases, it may be preferable to see a blank page or an error message that you can address and resolve as quickly as possible.
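The two sections above boil down to one rule: keep the active theme, keep its parent if the active theme is a child theme, optionally keep one fallback, and everything else is inactive. The following is an added example (mine, not WordPress code or the article’s) that applies that rule to a `wp-content/themes` directory by reading each theme’s `style.css` header; it assumes the standard header layout (`Theme Name:` and, for a child theme, `Template:` naming the parent directory) and that you supply the active theme’s directory name, which WordPress stores in its `stylesheet` option.

```python
"""Decide which directories under wp-content/themes are inactive and removable.

Added example for this article, not code from WordPress or the original page.
Assumptions: every theme is a directory holding a style.css whose header carries
`Theme Name:` and, for a child theme, a `Template:` line naming the parent's
directory; the caller supplies the active theme's directory name (what WordPress
stores in its `stylesheet` option) and, optionally, one fallback theme to keep.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional, Set, Tuple

# Matches 'Theme Name: X' or 'Template: X' header lines, with or without a leading '*'.
HEADER_RE = re.compile(r"^\s*\*?\s*(Theme Name|Template)\s*:\s*(.+?)\s*$",
                       re.MULTILINE | re.IGNORECASE)


def read_theme_header(theme_dir: Path) -> Dict[str, str]:
    """Parse the header comment of style.css, returning only the keys we need."""
    css = theme_dir / "style.css"
    if not css.is_file():
        return {}
    # WordPress itself only inspects the first 8 KiB of the file for the header.
    head = css.read_text(encoding="utf-8", errors="replace")[:8192]
    return {key.lower(): value for key, value in HEADER_RE.findall(head)}


def classify_themes(themes_root: Path, active: str,
                    fallback: Optional[str] = None) -> Tuple[Set[str], Set[str]]:
    """Return (keep, removable) sets of theme directory names.

    keep holds the active theme, its parent when the active theme is a child
    theme (the caveat from the article), and the optional fallback theme.
    Everything else is inactive and can be deleted once a backup exists.
    """
    headers = {d.name: read_theme_header(d) for d in themes_root.iterdir() if d.is_dir()}
    if active not in headers:
        raise ValueError(f"active theme {active!r} not found under {themes_root}")
    keep = {active}
    parent = headers[active].get("template")
    if parent:
        if parent not in headers:
            raise ValueError(f"child theme {active!r} needs parent {parent!r}, which is missing")
        keep.add(parent)
    if fallback and fallback in headers:
        keep.add(fallback)
    return keep, set(headers) - keep


def make_sample_themes() -> Path:
    """Constructed sample layout: a framework, a child of it, a default theme, a leftover."""
    root = Path(tempfile.mkdtemp(prefix="wp-themes-"))
    samples = {
        "framework": "/*\nTheme Name: Framework\nVersion: 1.0\n*/\n",
        "framework-child": "/*\nTheme Name: Framework Child\nTemplate: framework\n*/\n",
        "twentynineteen": "/*\nTheme Name: Twenty Nineteen\n*/\n",
        "old-experiment": "/*\nTheme Name: Old Experiment\n*/\n",
    }
    for name, css in samples.items():
        (root / name).mkdir()
        (root / name / "style.css").write_text(css, encoding="utf-8")
    return root


if __name__ == "__main__":
    root = make_sample_themes()
    keep, removable = classify_themes(root, active="framework-child")
    print("keep:", sorted(keep))
    print("inactive, remove after backup:", sorted(removable))
```

Point `classify_themes` at the real `wp-content/themes` path with the value of your `stylesheet` option, and pass a `fallback` only if you decide to keep a default theme after reading the trade-off above.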

Where can I find the Site Health tool of my WordPress website?

The Site Health tool in WordPress can be found in your admin area under Tools > Site Health. These are the English menu labels; if your WordPress admin runs in another language, the entries are translated along with the rest of the interface.

The Site Health tool has been a built-in feature of WordPress since version 5.1, so you no longer need a plugin for it.

However, please note that plugin developers may use the Site Health tool to display their notifications. This means that the Site Health tool may show notifications that aim to encourage users to upgrade to a paid pro/premium version of the plugin.

As a result, the number of notifications displayed can quickly add up, but it doesn’t necessarily mean that something is wrong with your website.

At the time of writing, the Site Health tool is primarily relevant for checking if your PHP/MySQL server software is up to date and if you are not falling too far behind on updates.